Las Vegas security conferences were crawling with feds

U.S. government officials descended on Las Vegas last week to strengthen existing and form new relationships with the cybersecurity and hacker communities.
A team competing in the CTF competition at DEF CON 17 // Creative Commons

What used to be a side game among DEF CON attendees is now as commonplace as the security conference’s electronic badges.

“We used to do ‘spot the fed,’ where we would try to oust feds, and now we have invited feds to our panels to sit there and talk with us in a productive manner,” said Beau Woods, Atlantic Council deputy director, during an event Wednesday at the D.C.-based think tank.

Woods, along with Federal Trade Commission Chief Technologist Lorrie Cranor, Tenable Network Security strategist Cris Thomas and former White House cybersecurity official Jason Healey, spoke about how U.S. government officials descended on Las Vegas last week to strengthen existing and form new relationships with the cybersecurity and hacker communities.

This year’s Sin City-based BSides, DEF CON and Black Hat cybersecurity conferences were well attended by government officials, Thomas said — especially so in comparison to past years.

One of the keystone moments of the week was a fundraiser held by Democratic presidential nominee Hillary Clinton’s campaign, which was hosted by Black Hat founder Jeff Moss. Moss has bridged both the hacker and government communities in recent years, including serving on an advisory council for the Department of Homeland Security.

“From the earlier days of these conferences … it was so apolitical,” said Healey. “I think the [fundraiser] really caught a lot of people as the maturation of the field. Like all of a sudden now we matter. We used to have to go to D.C. to testify and now it is coming to us.”

Cranor spoke at BSides and DEF CON, the latter with FTC commissioner Terrell McSweeny about privacy and digital security. Cranor explained that the FTC attended the conferences to “learn, listen and do outreach.” In the past, the FTC has operated a trade show booth and organized contests for conference attendees.

Among other feds, officials from 18F, the Department of Homeland Security, Commerce Department and National Institute of Standards and Technology, or NIST, attended DEF CON.

Capitol Hill also had a presence in Vegas. Two sitting congressmen, Reps. Will Hurd, R-Texas, and Eric Swalwell, D-Calif., were interviewed by Facebook Chief Security Officer Alex Stamos during a panel on how information security professionals can approach elected officials with cybersecurity issues.

“I think we’re seeing a change in government attitudes towards ‘hackers,’” said Thomas. “Twenty years ago it was nothing but FBI raids, now you have groups like Commerce and FDA and FTC and [Defense Department] who are reaching out and trying to bridge that gap … they’re trying to say, ‘Hey, come help us out.’”

Healey — a longtime DEF CON attendee and former NSA officer — believes that the White House holds the power to help accelerate and foster broad relations between the government and hacker community by pursuing specific policy remedies, he told FedScoop following the event.

Healey said if Washington supports strong encryption without compromise it would be a big first step. Additionally, Healey said the White House should compel law enforcement to be more candid about how it can access encrypted data stored on electronic devices.

“I, for example, want to know what the White House was doing on the Apple-FBI bug … the FBI was saying ‘We don’t know what this vulnerability is we can’t possibly submit it to the Vulnerabilities Equities Process,’ ” he said, referring to the bureau’s fight to unlock the iPhone owned by one of the San Bernardino shooters. “To me, that’s against the policy, that’s against the president’s clear intent — it was the president who originally approved this policy.”

Healey also said the federal government must be careful about how sitting judges use the Computer Fraud and Abuse Act to prosecute computer researchers.

“The memory of Aaron Swartz goes a long way on this and what can happen under the laws — and not being convinced that those days are over — that really hurts,” he said, referring to the computer programmer who committed suicide in 2013 while in the midst of a contentious legal battle with federal prosecutors.

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Mary's College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.